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AMENDMENTS TO THE CLAIMS 



LAIMS: 



1. (currently amended) A distributed subscriber management method , for a user network for 
performing controlling user authentication for an external network at an access control node located 
between a plurality of user networks and , the external network being connected to the access 
control node by means of an access network , the access network being connected to an external 
network having an access rights authentication server? - , the method comprisin g the steps of : 

(a) receiving, at an-the access control node , which is operatively 
connected to a-the plurality of user networks, a data unit from a user located on one of the plurality 
of user networks; 

(b) determining thafc -whether the data unit requires authentication; 

(c) authenticating the determined data unit; 

(c) if the data unit requires authentication, determining whether 

authentication data is locally stored on the access control node, 

(d) determining that the authenticated data unit is eligible for 

transmission. 

(d) if the authentication data is locally stored on the access control node, 

authenticating the data unit, thus preventing unnecessary traffic interchange between the access 
network and the plurality of user networks; 

(e) if the authentication data is not locally stored on the access control 

node, determining whether the data unit is eligible for transmission to the external network; and 

(f) if the data unit is eligible for transmission, transmitting said data unit 

from the access control node to the authentication server of the external network. 



TR-053-US (SKEMER) marked-up Copy 

2/6 



2. (currently amended) The distributed subscriber management method as claimed in claim 1 , 
wherein the authenticating step (d) includes interrogating the user for access information. 

5 3. (currently amended) The distributed subscriber management method as claimed in claim 21, 
wherein the step (f) authenticating includes transmitting the access information to an authentication 
server of an e xternal network comprises a step of receiving, at the access control node, an 
authentication message for said data unit from the authentication server to permit the user to access 
the external network. 

10 

4. (currently amended) The distributed subscriber management method as claimed in claim 31 , 
wherein the step (b) comprises a step of searching the authenticated data unit locally stored on the 
access control node. 

15 authenticating includes tran s mitting an authentication messag e from the authentication server to the 
access control node to permit the user to access the external network . 

5. (currently amended) The distributed subscriber management method as claimed in claim 42, 
20 further including encrypting the access information at the access control node prior to transmitting 

the access information to ; and decrypting the access information at the authentication serve r of the 
external network . 

25 6. (currently amended) The distributed subscriber management method as claimed in claim 3, 
wherei n the authentication server of the external network employs remote authentication dial in 
user service protocol the step of receiving, at the access control node, the authentication message 
for said data unit comprises a step of storing authenticated data unit in a local authorization table on 
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the access control node . 

7. (currently amended) The distributed subscriber management method as claimed in claim 36, 
wherein the step (b) comprises searching the authenticated data units stored in the local 

5 authorization table on the access control node the authentication server of the external network 
employs password authentication protocol . 

8. (currently_amended) The distributed subscriber management method as claimed in claim 3, 
wherein the step (f) comprises a step of communicating with the authentication server employing 

10 one or more of standard authentication protocols selected from the list consisting of remote 

authentication dial-in user service protocol password authentication protocol challenge handshake 
authentication protocol and terminal access controller access control system protocol authentication 
server of the external network employs challenge handshake authentication protocol 

15 9. (currently amended) The distributed subscriber management method as claimed in claim Jl, 

wherein the step (d) comprises employing one or more of standard authentication protocols selected 
from the list consisting of remote authentication dial-in user service protocol password 
authentication protocol challenge handshake authentication protocol and terminal access controller 
access control system protocol at the access control node authentication server of the external 

20 network employs terminal access controller access control system . 

10. (currently amended) The distributed subscriber management method as claimed in claim 13, 
wherein the step (f) further including includes p acket labelling labeling of the data unit. 

25 11. (currently amended) The distributed subscriber management method as claimed in claim 46, 
wherein the step of receiving the authentication message further including includes determining the 
contents of the authentication message at the access control node. 



12. (currently amended) The distributed subscriber management method as claimed in claim 44J_, 
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wherein the step (e) comprises examining the content of the authenticated data unit at the access 
control node further including dropping the data unit if the contents indicate rejection . 

5 13. (canceled) The distributed subscriber management method as claimed in claim 1 1, 

further including examining the authentication message for authenticity. 

14. (original) The distributed subscriber management method as claimed in claim 1, 
further including collecting statistical usage information at the access node. 

10 

15. (currently amended) An integrated access device, for placement between a user network and an 
external network, the external network having an access rights authentication server, the integrated 
access device comprising: 

a user network interface for operatively connecting to a plurality of user 
1 5 networks to receive data units from the plurality of user networks; 

an authentication agent, operatively connected to the user network 

interface for locally authenticating, authorising authorizing and forwarding data units received from 

the plurality of user networks; 

an external network interface, operatively connected to the authentication 
20 agent, for forwarding data units locally authorised authorized b y the authentication agent to an-the 
external networ k; and 

means for communicating with the access rights authentication server of 

the external network. 

25 

16. (original) An integrated access device as claimed in claim 15, wherein the user 
network interface includes a plurality of ingress cards and the external network interface includes an 
egress card. 



TR-053-US (SKEMER) marked-up Copy 

5/6 



17. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes a local authori s ation authorization table for authorising authorizing 
data units. 

5 

18. (original) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes network address assignment and release means. 

19. (currently amended) An integrated access device as claimed in claim 15, further including 

1 0 service level enforcing means -, network resource management means, means for statistical usage 
collection, and alarm monitoring means. 

19. (canceled) An integrated access device as claimed in claim 15, further including 
network resource management means. 

15 

20. (canceled) An integrated access devic e as claimed in claim 19, further including 
means for statistical usage collection means. 

20 

24-20. (currently amended) An integrated access device as claimed in claim £017, further 
including alarm monitoring means, wherein the means for communicating with the access rights 
authentication server comprises: 

means for determining whether the data unit is eligible for transmission 

25 from the access control node to the authentication server of the external network; 

means for transmitting the data unit from the access control node to the 

authentication server of the external network; 
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means for receiving, at the access control node, an authentication 

message for said data unit from the authentication server to permit the user to access the external 
network; and 

means for storing authenticated data units in a local authorization table on 

5 the access control node. 

21 . (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication client -agent includes a password authentication protocol-elieftt. 

10 22. (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
authentication elient -agent includes a challenge handshake authentication protocol-client. 

23. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication eiien ^agent includes a terminal access controller access control system-client. 

15 

24. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication clien^ agent includes a remote authentication dial-in user service protocol-client. 

25. (new) An access control node, for placement between a plurality of user 

20 networks and an access network, the access network being connected to an external network having 
an access rights authentication server, the access control node comprises the integrated access 
device claimed in claim 15. 



